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AMENDMENTS TO THE CLAIMS - CLEAN COPY 

The following listing of claims, which shall replace all prior listings and versions of 
claims in this application, includes a clean set of claims reflecting the amendments indicated in 
the accompanying marked-up set of claims. 

Listing of claims: 

1 . (Cancelled) 

2. (Cancelled) 

3. (Cancelled) 

4. (Currently Amended) A method of verifying a program fragment downloaded 
onto a reprogrammable embedded system, equipped with a rewritable memory, a microprocessor 
and a virtual machine equipped with an execution stack and with operand registers, said program 
fragment consisting of an object code and including at least one subprogram consisting of a 
series of instructions manipulating said operand registers, said microprocessor and virtual 
machine making it possible to interpret said object code, said embedded system being 
interconnected to a reader, wherein subsequent to the detection of a downloading command and 
the storage of said object code constituting said program fragment in said rewritable memory, 
said method, for each subprogram, comprises: 

initializing the type stack and the table of register types through data representing 
the state of the virtual machine at the starting of the execution of said temporarily stored 
object code; 
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carrying out a verification process of said temporarily stored object code 
instruction by instruction, by discerning the existence, for each current instruction, of a 
target, a branching-instruction target, a target of an exception-handler call or a target of a 
subroutine call, and, said current instruction being the target of a branching instruction, 
said verification process including verifying that the stack is empty and rejecting the 
program fragment otherwise; 

carrying out a verification process and an updating of the effect of said current 
instruction on the data types of said type stack and of said table of register types; 

said verification process being successful when the table of register types is not 
modified in the course of a verification of all the instructions, and said verification 
process being carried out instruction by instruction until the table of register types is 
stable, with no modification being present, the verification process being interrupted and 
said program fragment being rejected, otherwise. 

5. (Currently Amended) The method of claim 4, wherein the variable types which 
are manipulated during said verification process include at least: 

class identifiers corresponding to object classes which are defined in the program 
fragment; 

numeric variable types including at least a type for an integer coded on a given number of 
bits, designated as short type, and a type for the return address of a jump 
instruction, designated as a return address type; 

references of null objects designated as null type; 
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object type relating to objects designated as object type; 

a first specific type representing the intersection of all the types and corresponding to the 
zero value, designated as the intersection type; 

a second specific type representing the union of all the types and corresponding to any 
type of value, designated as the union type. 

6. (Currently Amended) The method of claim 5, wherein all said variable types 
verify a subtyping relation: 

object type belongs to the union type; 

short type and return address type belong to the union type; and 

the intersection type belongs to null type, short type or return address type. 

7. (Cancelled) 

8. (Currently Amended) The method of claim 4, wherein said current instruction 
being the target of a subroutine call, said verification process comprising: 

verifying that the previous instruction to said current instruction is an unconditional 
branching, a subroutine return or a withdrawal of an exception; and reupdating the 
stack of variable types by an entity of the return address type, formed by the 
return address of the subroutine, in case of a positive verification process; and, 

rejecting said program fragment in case said verification process is failing, otherwise. 

9. (Currently Amended) The method of claim 4, wherein said current instruction 
being the target of an exception handler, said verification process comprising: 
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verifying that the previous instruction to said current instruction is an unconditional 
branching, a subroutine return or a withdrawal of an exception; and 

reupdating the type stack, by entering the exception type, in case of a positive verification 
process; and 

rejecting said program fragment in case of said verification process is failing, otherwise. 

10. (Currently Amended) The method of claim 4, wherein said current instruction 
being the target of multiple incompatible branchings, said verification process is failed and said 
program fragment is rejected. 

1 1 . (Currently Amended) The method of claim 4, wherein said current instruction 
being not the target of any branching, said verification process comprises continuing by passing 
to an update of the type stack. 

12. (Currently Amended) The method of claim 4, wherein said step of verification of 
the effect of the current instruction on the type stack includes, at least: 

verifying that the type execution stack includes at least as many entries as the current 
instruction includes operands; 

unstacking and verifying that the types of the entries at the top of the stack are subtypes 
of the types of the operands types of the operands of said current instruction; 

verifying the existence of a sufficient memory space on the types stack to proceed to 
stack the results of said current instruction; 

stacking on the stack data types which are assigned to these results. 
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13. (Currently Amended) The method of claim 12, wherein said current instruction 
being an instruction to read a register of a given address, said verification process comprises: 

verifying the data type of the result of a corresponding reading, by reading an entry at 
said given address in the table of register types; 

determining the effect of said current instruction on the type stack by unstacking the 
entries of the stack corresponding to the operands of said current instruction and 
by stacking the data type of said result. 

14. (Currently Amended) The method of claim 12, wherein said current instruction 
being an instruction to write to a register of a given address, said verification process comprises: 

determining the effect of the current instruction on the type stack and the given type of 
the operand which is written in this register at said given address; 

replacing the type entry of the table of register types at said given address by the type 
immediately above the previously stored type and above the given type of the 
operand which is written in this register at said given address. 

15. (Currently Amended) A method of transforming an object code of a program 
fragment including a series of instructions, in which the operands of each instruction belong to 
the data types manipulated by said instruction, the execution stack does not exhibit any overflow 
phenomenon, and for each branching instruction, the type of the stack variables at a 
corresponding branching is the same as that of targets of this branching, into a standardized 
object code for this same program fragment, wherein, for all the instructions of said object code, 
said method comprising: 
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annotating each current instruction with the data type of the stack before and after 
execution of said current instruction, with the annotation data being calculated by 
means of an analysis of the data stream relating to said current instruction; 

detecting, within said instructions and within each current instruction, the existence of 
branchings, or respectively of branching-targets, for which said execution stack is 
not empty, said detecting operation being carried out on the basis of the 
annotation data of the type of stack variables allocated to each current instruction; 
and in case of detection of a non-empty execution stack, 

inserting instructions to transfer stack variables on 
either side of said branchings or of said branching targets respectively, in order to 
empty the contents of the execution stack into temporary registers before said 
branching and to reestablish the execution stack from said temporary registers 
after said branching; and not inserting any transfer instruction otherwise, said 
method allowing thus to obtain a standardized object code for said same program 
fragment, in which the operands of each instruction belong to the data types 
manipulated by said instruction, the execution stack does not exhibit any overflow 
phenomenon, the execution stack is empty at each branching instruction and at 
each branching — target instruction, in the absence of any modification to the 
execution of said program fragment. 

16. (Currently Amended) A method of transforming an object code of a program 
fragment including a series of instructions, in which the operands of each instruction belong to 
the data types manipulated by said instruction, and an operand of given type written into a 
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register by an instruction of this object code is reread from this same register by another 
instruction of said object code with the same given data type, into a standardized object code for 
this same program fragment, wherein for all the instructions of said object code, said method 
comprising: 

annotating each current instruction with the data type of the registers before and after 
execution of said current instruction, with the annotation data being calculated by 
means of an analysis of the data stream relating to said instruction; 

carrying out a reallocation of said registers, by detecting the original registers employed 
with different types, dividing these original registers into separate standardized 
registers, with one standardized register for each data type used, and 

reupdating the instructions which manipulate the operands which use said 
standardized registers; 

said method allowing thus to obtain said standardized object code for this same program 
fragment in which the operands of each instruction belong to the data types manipulated 
by said instruction, the same data type being allocated to the same register throughout 
said standardized object code. 

17. (Currently Amended) The method of claim 15, wherein said detecting within said 
instructions and within each current instruction of the existence of branchings, or respectively of 
branching targets, for which the execution stack is not empty, after detection of each 
corresponding instruction of given rank comprises: 
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associating with each instruction of said given rank a set of new registers, one new 
register being associated with each stack variable which is active at this instruction; and 

examining each detected instruction of said given rank and discerning the existence of a 
branching target or branching, respectively; and, in the case where the instruction of said given 
rank is a branching target and that the execution stack at this instruction is not empty, 

for every preceding instruction, of rank preceding said given rank and consisting of a 
branching, a withdrawal of an exception or a program return, said detected instruction of said 
given rank being accessible only by a branching, inserting a set of loading instructions to load 
from the set of new registers before said detected instruction of said given rank, with a 
redirection of all branchings to the detected instruction of said given rank to the first inserted 
loading instruction; and 

for every preceding instruction, of rank preceding said given rank, continuing in 
sequence, said detected instruction of said given rank being accessible simultaneously from a 
branching and from said preceding instruction of rank preceding said given rank, inserting a set 
of backup instructions to back up to the set of new registers before the detected instruction of 
said given rank, and a set of loading instructions to load from this set of new registers, with a 
redirection of all the branchings to the detected instruction of said given rank to the first inserted 
loading instruction, and, in the case where said detected instruction of said given rank is a 
branching to a given instruction, 

for every detected instruction of said given rank consisting of an unconditional 
branching, inserting, before the detected instruction of said given rank, multiple backup 
instructions, a backup instruction being associated with each new register; and 
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for every detected instruction of said given rank consisting of a conditional branching 
instruction, and for a given number greater than zero of operands manipulated by said 
conditional branching instruction, inserting, before said detected instruction of said given rank, a 
permutation instruction, at the top of the execution stack of the operands of the detected 
instruction of said given rank and the following values, the corresponding permutation operation 
allowing thus to collect at the top of the execution stack said following values to be backed up in 
the set of new registers; inserting, before the instruction of said given rank, a set of backup 
instructions to back up to the set of new registers; and inserting, after the detected instruction of 
said given rank, a set of load instructions to load from the set of new registers. 

18. (Currently Amended) The method of claim 16, wherein reallocating registers by 
detecting the original registers employed with different types comprises: 

determining the lifetime intervals of each register; 

determining the main data type of each lifetime interval, the main data type of a lifetime 
interval for a given register being defined by the upper bound of the data types stored in said 
given register by the backup instructions belonging to said lifetime interval; 

establishing an interference graph between the lifetime intervals, said interference graph 
consisting of a non-oriented graph of which each peak consists of a lifetime interval, and of 
which the arcs between two peaks exist if one of the peaks contains a backup instruction 
addressed to the register of the other peak or vice versa; 

translating the uniqueness of a data type which is allocated to each register in the 
interference graph, by adding arcs between, all pairs of peaks of the interference graph while two 
peaks of a pair of peaks do not have the same associated main data type; 
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carrying out an instantiation of the interference graph, by assigning to each lifetime 
interval a register number, in such a way that different register numbers are assigned to two 
adjacent life time intervals in said interference graph. 

19. (Cancelled) 

20. (Currently Amended) An embedded system which can be reprogrammed by 
downloading program fragments, said embedded system including a least one microprocessor, 
one random-access memory, one input/output module, one electrically reprogrammable 
nonvolatile memory and one permanent memory, in which are installed a main program and a 
virtual allowing to execute the main program and at least one program fragment using said 
microprocessor, wherein said embedded system includes at least one verification program 
module to verify a downloaded program fragment in accordance with a process comprising: 

initializing the type stack and the table of register types through data representing the 
state of said virtual machine at the starting of the execution of said temporarily stored object 
code; 

carrying out a verification process of said temporarily stored object code instruction by 
instruction, by discerning the existence, for each current instruction, of a target, a branching- 
instruction target, a target of an exception-handler call or a target of a subroutine call, and, said 
current instruction being the target of a branching instruction, said verification process consisting 
in verifying that the stack is empty and rejecting the program fragment otherwise; 

carrying out a verification process and an updating of the effect of said current instruction 
on the data types of said type stack and of said table of register types; 
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said verification process being successful when the table of register types is not modified in the 
course of a verification of all the instructions, and said verification process being carried out 
instruction by instruction until the table of register types is stable, with no modification being 
present, said verification process being interrupted and said program fragment being rejected, 
otherwise; 

said management and verification program module being installed in the permanent memory. 

21. (Cancelled) 

22. (Currently Amended) A system for transforming an object code of a program 
fragment including a series of instructions, in which the operands of each instruction belong to 
the data types manipulated by said instruction, the execution stack does not exhibit any overflow 
phenomenon and for each branching instruction, the type of stack variables at a corresponding 
branching is the same as that of the targets of this branching, and an operand of given type 
written to a register by an instruction of said object code is reread from said same register by 
another instruction of this object code with the same given data type, into a standardized object 
code for this same program fragment, wherein said transforming system includes, at least, 
installed in the working memory of a development computer or workstation, a program module 
for transforming said object code into a standardized object code in accordance with a process of 
transforming including for all the instructions of said object code comprising: 

annotating each current instruction with the data type of the stack before and after 
execution of said current instruction, with the annotation data being calculated by means of an 
analysis of the data stream relating to said current instruction; 
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detecting, within said instructions and within each current instruction, the existence of 
branchings, or respectively of branching-targets, for which said execution stack is not empty, 
said detecting operation being carried out on the basis of the annotation data of the type of stack 
variables allocated to each current instruction; and, in case of detection of a non — empty 
execution stack, 

inserting instructions to transfer stack variables on either side of said branchings or of 
said branching targets respectively, in order to empty the contents of the execution stack into 
temporary registers before said branching and to reestablish the execution stack from said 
temporary registers after said branching; and 

not inserting any transfer instruction otherwise, said method allowing thus to obtain said 
standardized object code for said same program fragment, in which the operands of each 
instruction belong to the data types manipulated by said instruction, the execution stack does not 
exhibit any overflow phenomenon, the execution stack is empty at each branching instruction 
and at each branching-target instruction, in the absence of any modification to the execution of 
said program fragment. 

23. (Cancelled) 

24. (Currently Amended) A computer program product which is recorded on a 
medium and can be loaded directly from a terminal into the internal memory of a 
reprogrammable embedded system equipped with a microprocessor and a rewritable memory, 
said embedded system making it possible to download and temporarily store a program fragment 
consisting of an object code including a series of instructions, executable by said microprocessor 
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by way of a virtual machine equipped with an execution stack and with operand registers 
manipulated via said instructions and making it possible to interpret said object code, said 
computer program product including portions of object code to execute the steps of verifying a 
program fragment downloaded onto said embedded system according to a verifying process, said 
verifying process comprising: 

initializing the type stack and the table of register types through data representing the state of 
said virtual machine at the starting of the execution of said temporarily stored object 
code; 

carrying out a verification process of said temporarily stored object code instruction by 
instruction, by discerning the existence, for each current instruction, of a target, a 
branching-instruction target, a target of an exception-handler call or a target of a 
subroutine call, and, said current instruction being the target of a branching instruction, 
said verification process consisting in verifying that the stack is empty and rejecting the 
program fragment otherwise; 

carrying out a verification process and an updating of the effect of said current instruction on the 
data types of said type stack and of said table of register types; 

said verification process being successful when the table of register types is not modified in the 
course of a verification of all the instructions, and said verification process being carried out 
instruction by instruction until the table of register types is stable, with no modification being 
present, said verification process being interrupted and said program fragment being rejected, 
otherwise. 
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25. (Currently Amended) A computer program product which is recorded on a 
medium including portions of object code to execute steps of a process of transforming an object 
code of a downloaded program fragment into a standardized object code for this same program, 
said process of transforming comprising: 

annotating each current instruction with the data type of the stack before and after execution of 
said current instruction, with the annotation data being calculated by means of an analysis 
of the data stream relating to said current instruction; 

detecting, within said instructions and within each current instruction, the existence of 
branchings, or respectively of branching — targets, for which said execution stack is not 
empty, said detecting operation being carried out on the basis of the annotation data of 
the type of stack variables allocated to each current instruction, and, in case of detection 
of a non-empty execution stack; 

inserting instructions to transfer stack variables on either side of said branchings or of said 
branching targets respectively, in order to empty the contents of the execution stack into 
temporary registers before said branching and to reestablish the execution stack from said 
temporary registers after said branching; and 

not inserting any transfer instruction otherwise, said method allowing thus to obtain said 
standardized object code for said same program fragment, in which the operands of each 
instruction belong to the data types manipulated by said instruction, the execution stack 
does not exhibit any overflow phenomenon, the execution stack is empty at each 
branching instruction and at each branching — target instruction, in the absence of any 
modification to the execution of said program fragment. 
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26. (Currently Amended) A computer program product which is recorded on a 
medium and can be used in a reprogrammable embedded system, equipped with a 
microprocessor and a rewritable memory, said embedded system allowing to download a 
program fragment consisting of an object code, a series of instructions, executable by the 
microprocessor of said embedded system by means of a virtual machine equipped with an 
execution stack and with local variables or registers manipulated via these instructions and 
making it possible to interpret said object code, said computer program product comprising: 

program resources which can be read by the microprocessor of said embedded system via said 
virtual machine, to command execution of a procedure for managing the downloading of 
a downloaded program fragment; 

program resources which can be read by the microprocessor of said embedded system via said 
virtual machine, to command execution of a procedure for verifying, instruction by 
instruction, said object code which makes up said program fragment; 

program resources which can be read by the microprocessor of said embedded system via said 
virtual machine, to command execution of a downloaded program fragment subsequent to 
or in the absence of a conversion of said object code of said program fragment into a 
standardized object code for this same program fragment. 

27. (Currently Amended) The computer program product as claimed in claim 26, 
additionally including program resources which can be read by the microprocessor of said 
embedded system via said virtual machine, to command inhibition of execution, by said 
embedded system, of said program fragment in the case of an unsuccessful verification 
procedure of this program fragment. 
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